1inch implements two types of farming contracts. While the first one is a traditional farming contract where tokens need to be deposited for reward eligibility, the second one is as ERC-20 library contract which has farming capabilities built-in and, thus, allows for participating in multiple farms without requiring individual deposits in each one.
The most critical subjects covered in our audit are functional correctness, dependency on external contracts, and precision of arithmetic operations. Security regarding all the aforementioned subjects is high.
The general subjects covered are usage as a library, code complexity, documentation, specification, and gas efficiency. In general, these subjects are satisfactory. However, specification and documentation are non-existing, see Insufficient documentation, while code complexity is high due to complex control flows. That makes understanding the system and integrating with it difficult.
In summary, we find that the codebase provides a good level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.